CVE-2004-1444

Roundup < 0.6.4 - Path Traversal via @@ Command in HTTP GET Request


Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1444. PoCs published by Vickenty Fesunov.

AI-analyzed exploit summary: This exploit demonstrates a directory traversal vulnerability in Roundup, allowing remote attackers to read arbitrary files by using the /home/@@file/ prefix combined with ../ sequences. The provided HTTP request example targets /etc/passwd.

Description

Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Vickenty Fesunov · text · remote · linux
https://www.exploit-db.com/exploits/24179

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Roundup 0.6.11 and prior
No auth needed
Prerequisites: Network access to the vulnerable Roundup instance
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1010415
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10495
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16350
Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11801/
Patch vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200408-09.xml

Scores

EPSS 0.1653
EPSS Percentile 95.1%

Details

CWE: CWE-22
Status: published
Products (34)
pypi/Roundup 0 - 0.7.3 (PyPI)
roundup-tracker/roundup 0.1.0
roundup-tracker/roundup 0.1.1
roundup-tracker/roundup 0.1.2
roundup-tracker/roundup 0.1.3
roundup-tracker/roundup 0.2.0
roundup-tracker/roundup 0.2.1
roundup-tracker/roundup 0.2.2
roundup-tracker/roundup 0.2.3
roundup-tracker/roundup 0.2.4
... and 24 more
Published Dec 31, 2004
Tracked Since Feb 18, 2026